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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 30 April 2001 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) M Claim(s) 1-86 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 1-86 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [x] The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 30 April 2001 is/are: a)D accepted or b)[x] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 1 20 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 

Attachment(s) 

1) M Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). . 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-1 52) 

3) M Information Disclosure Statement(s) (PTO-1449) Paper No(s) 4/12/02 . 6) □ Other: 
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DETAILED ACTION 



1 . Pursuant to USC 131, claims 1-86 are presented for examination. 



Specification 

2. The abstract of the disclosure is objected to because of the first sentence "a system and 
method ... are disclosed". Correction is required. SeeMPEP § 608.01(b). 

Applicant is reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 
1 50 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, M The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

2.1 The use of the trademark "NETSCAPE COMMUNICATOR and MICROSOFT" has 
been noted in this application. It should be capitalized wherever it appears and be accompanied 
by the generic terminology. 

Although the use of trademarks is permissible in patent applications, the proprietary 
nature of the marks should be respected and every effort made to prevent their use in any manner 
which might adversely affect their validity as trademarks. 



Application/Control Number: 09/845,22 1 Page 3 

Art Unit: 2136 

Drawings 

3. Figure 1 is objected to as failing to comply with 37 CFR 1 .84(p)(4) because reference 
characters "102" and "201" and reference characters "104" and "201" have both been used to 
designate participant. Appropriate correction is required. There is also lack of consistency 
regarding reference characters 102 and 104. For instance on page 4, reference character 102 is 
referred to first institution, participant, and issuing participant. The same problem also applies to 
104. Appropriate correction is required. 

3.1 The drawings are objected to as failing to comply with 37 CFR L84(p)(4) because the 
following reference numbers are not consistent with the drawings: for example on p. 4, "106" is 
described as first customer, buyer, subscribing customer, and customer. The same problem also 
applies to 108. Appropriate correction is required. 

3.2 Figures 2 and 3 are objected to as failing to comply with 37 CFR 1.84(p)(5) because it 
does not include reference signs: reference numbers (110, 106 and 108) in the description on 
page 5, lines 3-10. Appropriate correction is required. 

Claim Rejections - 35 USC §101 

4. 35 U.S.C. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 
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Claims 18, 35, 50, and 68 are rejected under 35 U.S.C 101 because the claimed 
invention is directed to non-statutory subject matter. The claim limitations are not embodied in a 
computer hardware or software. 

Claim Rejections - 35 USC § 102 

5, The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

5. 1 Claims 1-17 are rejected under 35 U.S.C. 102(e) as being anticipated by US Patent 
Publication US2002/0 128940 to Orrin et al- 
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5.2 As per claim 1, Orrin et al. discloses a method of verifying the trustworthiness of a 
browser, comprising: transmitting an electronic document requiring signature from a first user 
computer to a second user computer; electronically signing the electronic document at the second 
user computer to create a first digital signature, for example (see pages 3-4, paragraphs 0038- 
0043); including as an attribute of the first digital signature a second digital signature, the second 
digital signature verifying the authenticity of one or more components running in an environment 
of the browser on the second user computer, for example (see pages 3-4, paragraphs 0038-0043 
see also page 7); transmitting the signed electronic document from the second user computer to 
the first user computer, for example (see pages 3-4, paragraphs 0038-0043); authenticating the 
second digital signature, for example (see pages 3-4, paragraphs 0038-0043). 

As per claim 2, Orrin et al. discloses the limitation of further comprising determining 
whether the entity that executed the second digital signature is authorized to certify the 
trustworthiness of the one or more components, for example (see pages 3-4, paragraphs 0038- 
0043). 

As per claims 3 and 4, Orrin et al. discloses the limitation of wherein the attribute is a 
signed attribute and an authenticated attribute, for example (see pages 3-4, paragraphs 0038- 
0043). 

As per claims 5 and 6, Orrin et al. discloses the limitation of wherein the authenticating 
comprises verifying the authenticity of the second digital signature and wherein the authenticity 



Application/Control Number: 09/845,22 1 Page 6 

Art Unit: 2136 

of the second digital signature is verified using a digital certificate, for example (see pages 3-4, 
paragraphs 0038-0043). 

As per claim 7, Orrin et al. discloses the limitation of wherein the authenticating 
comprises comparing a hash of the one or more components running in the browser environment 
included in the second digital signature to a known-good hash of the one or more components 
running in the browser environment, for example (see page 5, paragraph 0052). Orrin et al. 
discloses the parties using a web browser, for example (see page 2, 0023). 

As per claim 8, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by the first user computer, for example (see pages 3-4, paragraphs 0038-0043). 

As per claim 9, Orrin et al- discloses the limitation of wherein the authenticating is 
performed by a computer maintained by a participant, for example (see page 6, paragraph 0070). 

As per claim 10, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by an independent entity that is not a participant, for example (see page 7, paragraph 
0089). 

As per claim 11, Orrin et al. discloses the limitation of wherein the authenticating is 
performed by the second user computer, for example (see pages 3-4, paragraphs 0038-0043). 
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As per claim 12, Orrin et al. discloses that unsigned content can be included in the 
signature that meets the limitation of wherein an unsigned component running in the browser 
environment of the second user computer is included as an attribute of the first digital signature, 
for example (see page 7, paragraphs 0079-0083). 

As per claim 15, Orrin et al. discloses the limitation of wherein a hash of one or more 
signed browser components running on the second user computer is included as an attribute of 
the first digital signature, for example (see pages 3-4, paragraphs 0038-0043). 

6. Claims 18-49 are rejected under 35 U.S. C 102(e) as being anticipated by US Patent 
6,292,569 to Shear et al. (Applicant IDS). 

As per claims 18, 26, and 41, Shear et al. discloses a method of verifying the 
trustworthiness of a browser comprising: creating a first set of hashes, the first set of hashes 
comprising a hash of the browse at a first point in time, the first set of hashes being a known 
good set of hashes, for example (see column 10, line 55 through column 11, line 21; column 12, 
lines 16-55; see abstract); determining the status of the browser by: creating a second set of 
hashes, the second set of hashes comprising a hash of the browser at a second point in time, for 
example (see column 10, line 55 through column 1 1, line 21; column 12, lines 16-55; see 
abstract); verifying the second set of hashes to ensure that each hash was created by a trusted 
source, for example (see column 13, line 60 through column 14, line 10; column 10, line 55 
through column 11, line 21; column 12, linesl6-55; see abstract); and comparing the first set of 
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hashes to the second set of hashes, for example (see column 10, line 55 through column 11, line 
21; column 12, lines 16-55; see abstract). 

Claims 19-23 disclose the same inventive concept as claim 18. Therefore they are 
rejected on the same rationale as the rejection of claim 18. 

As per claims 24-25, Shear et al. discloses the limitation of wherein the first set of 
hashes is maintained by a trusted entity, and further comprising the steps of receiving from a 
requestor a. request to determine the trustworthiness of the browser, the request including the 
second set: of hashes; generating a report about the status of the browser based on a result of the 
determining step; and transmitting the report to the requestor, for example (see column 10, line 
34 through column 11, line 21; column 18, line 54 through column 19, line5; see abstract). 
Schneier also discloses this limitation as prior art as mentioned by Shear et al. at the end of 
column 10. 

Claims 27-34 disclose the same inventive concept as claim 24. Therefore they are 
rejected on the same rationale as the rejection of claim 24. Shear et al. further discloses using 
the invention for on-line financial transaction. 

Claims 35-49 are similar to the rejected claims 18-34 except for incorporating the 
claimed method into a system. Therefore, claims 35-49 are rejected on the same rationale as the 
rejection of claims 18-34. 
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Claim Rejections - 35 JJSC § 103 
6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

6. 1 Claims 50-86 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
6,292,569 to Shear et al. (Applicant IDS). 

6.2 As per claim 50, claim 50 recites similar limitations as claims 18 and 24 except for 
incorporating multiple parties. Shear et al. substantially teaches the claimed limitations of 18 
and 24 as mentioned above and further teaches financial transaction involving multiple parties, 
for example (see column 10, lines 33 et seq.) including trusted verifier customers and 
participants. Ginter et al (for example in column 4, lines 25 et seq.) as mentioned by Shear et 
al. also provides more detailed examples of financial transactions involving multiple parties. 
Therefore it would have been obvious to one with ordinary skill in the art at the time the 
invention was made to modify Shear et al.'s inventive concept to provide the steps performed by 
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each participant. This modification would have been obvious because one skilled in the art 
would have been motivated by the suggestions provided by Shear et aL in order to implement 
the inventive concept into a financial transaction with a verifying authority verifying the browser 
components of other parties, for example (see abstract and column 10, lines 33 et seq.) 

Claims 51-59 recite the same limitations as the rejected claims 18-34. Therefore, claims 
35-49 are rejected on the same rationale as the rejection of claims 18-34. 

As per claims 60-67, Shear et al. discloses the option of modifying the structure and 
function of participants and verifying authority, for example (see column 10, lines 33 et seq.). 

Claims 68-86 are similar to the rejected claims 50-67 except for incorporating the 
claimed method into a system. Therefore, claims 68-86 are rejected on the same rationale as the 
rejection of claims 50-67. 



Conclusion 



7. 



The prior art made of record and not relied upon is considered pertinent to applicant's 



disclosure as the art discloses security system involving multiple party transactions. 
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7. 1 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 703-305-0355. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 




Carl Colin 



AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



Patent Examiner 



September 8, 2004 



